Authcrunch Caddy-security
5 CVEs affecting Authcrunch Caddy-security. Latest disclosed: 2024-02-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-21496 | Medium | 6.1 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanit… |
| CVE-2023-52430 | Medium | 6.1 | 2024-02-12 | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /set… |
| CVE-2024-21498 | Medium | 5.3 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. A… |
| CVE-2024-21500 | Medium | 4.8 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor a… |
| CVE-2024-21492 | Medium | 4.8 | 2024-02-17 | All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon… |